Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2023-28800 - CERT CVE
CVE-2023-28800
ID
CVE-2023-28800
Sažetak
When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
Reference
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.4&deployment_date=2022-10-31&id=1420246
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Android&applicable_version=1.10.2&deployment_date=2023-03-09&id=1447706
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Chrome%20OS&applicable_version=1.10.1&deployment_date=2023-03-10&id=1447771
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=iOS&applicable_version=1.9.3&deployment_date=2023-03-03&id=1447071
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macOS&applicable_version=3.9&deployment_date=2023-01-25&id=1443546
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=Windows&applicable_version=3.7&deployment_date=2021-11-26&id=1386541
CVSS
Base:
6.1
Impact:
2.7
Exploitability:
2.8
Pristup
Vektor
Složenost
Autentikacija
NETWORK
LOW
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
LOW
LOW
NONE
CVSS vektor
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Zadnje važnije ažuriranje
17-10-2024 - 16:15
Objavljeno
22-06-2023 - 20:15
